Kaspersky Labs has uncovered a new family of trojan proxies that target macOS users and steal their Bitcoin and crypto wallets.
The malware is distributed through pirated software downloaded from unauthorized sources. The hackers behind the malware take advantage of the fact that users looking for cracked apps are more likely to disable security on their machines and download installers from questionable websites. This makes it easier for them to trick users into installing the malware along with the pirated software.
The malware targets macOS versions 13.6 and above. It captures the user's computer security password when the user enters it into an activator box, and it captures the private keys to crypto wallets when the user tries to open wallets compromised by the malware.
Kaspersky researchers observed that the malware was still under development as they traced it. Despite its basic method, the malware is described as "seriously ingenious." It includes a backdoor that can run any scripts with administrator privileges and replace Exodus and Bitcoin crypto wallet applications with infected versions that steal secret recovery phrases when the wallet is unlocked.
To avoid falling victim to this malware campaign, Kaspersky recommends using trusted websites, keeping the computer's operating system updated, and using a security solution on the machine.
The researchers also noted that other techniques used by hackers include disguising malware as a legitimate wallet on online stores or fake websites. This activity has become so common that the United States Federal Bureau of Investigation (FBI) issued a warning about it.